The confidentiality and integrity of data are cornerstone properties of information technology security. The use of cryptography in conjunction with more traditional access controls and other isolation mechanisms is now widespread, well understood, and accepted when protecting data at rest or in motion. For example, we use encrypted filesystems or self-encrypting storage devices when we save data on our computers, and we look for a lock symbol in our web browser address bar when we conduct business online because it signifies the use of Transport Layer Security (TLS), a secure communication protocol that relies heavily on cryptography.
As we rely more and more on computing environments that we may not directly control, there is heightened interest in the use of cryptography to protect data that is actively in use. Here too, cryptographic technologies have great promise and potentially huge implications for the outsourcing of private computation to environments such as those we see with various cloud computing models. For example, Fully Homomorphic Encryption (FHE) supports arbitrary computation on ciphertexts, that is, on encrypted data. There have been significant advances in FHE since it was first proposed in the late 1970s. Unfortunately, implementations of FHE and of other promising cryptographic technologies, such as Secure Multi-Party Computation, may have a long way to go before they are practical for generic computation in common computing environments.
Trusted Execution Environments (TEEs) are hardware-based computing environments that combine cryptographic isolation of code and data in memory with more traditional isolation techniques to provide strong confidentiality and integrity assurances. Intel Software Guard Extensions (SGX) is an example of such a TEE. We will examine SGX and other promising TEEs to better understand the assurances these technologies provide, the capabilities they enable today, and the opportunities and challenges that remain as we seek stronger security assurances for our most common computing environments.